U.S. Dam Data Breach and NERC CIP Standards

United States intelligence agencies have uncovered a data breach that targeted and compromised the U.S. Army Corps of Engineers’ National Inventory of Dams (NID) starting back in January.

The database itself contains classified information on vulnerabilities on 8,100 dams across the United States, including rankings of hazard levels for each dam. It has been mentioned in the media that U.S. officials have made claims tracing the attack to the Chinese government, but no additional information has been provided regarding these statements.

The information from the National Inventory of Dams in the wrong hands could provide a road map for cyber attacks from a hostile state, or terrorist group to target dams, as well as disrupt the power grid.

The National Inventory of Dams data could provide attackers with information on what NERC (North America Electric Reliability Corporation) the entity for enforcing reliability, security and compliance for the bulk power system, would classify as Critical Assets (CA) and the Critical Cyber Assets (CCA) that control them.

Tripwire will be providing more information regarding NERC CIP in the coming months. Tripwire has a long history working with hundreds of entities not only helping with NERC audits, but also ensuring security of the electronic perimeter, and providing management of critical systems.

Here is a list of some additional educational resources regarding NERC and securing the nation’s power grid: